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DETAILED ACTION 

1 . Pre-Appeal brief request for review, under CFR 41 .37, has been filed. Claims 1-41 and 
43-45 have been examined. Examiners amendment has been made for all independent claims 1, 
11,21, and 41, and claims 4-5, 14-15, 24-25, 31-40, and 43 have been canceled based on the 
telephone interview, with Vincent H. Anderson, on October 24, 2005. 

EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with 
Vincent H. Anderson on October 24, 2005. 

1. (Currently Amended) A method comprising: 

associating a security association with a traffic stream; 

associating a metric value with the security association; 
modifying the metric value based on an amount of network traffic generated for the traffic 
stream; -and — 

dynamically mapping the traffic stream to one of multiple components that perform 
cryptography operations based on the metric value Q.i 
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wherein dynamically mapping traffic streams to one of multiple components comprises 
selecting between performing cryptography operations with a driver agent and performing 
cryptography operations with a network interface using cached cryptography information: and 

wherein the dynamic mapping further comprises replacing a cached security association 
with a non-cached security association when the metric value of the non-cached security 
association differs from the metric value of the cached security associations by at least a 
predetermined amount. 

4. (Canceled). 

5. (Canceled). 

1 1 . (Currently Amended) An apparatus comprising: 

a network interface of a Network Interface Card coupled to receive network traffic 
streams; and 

a driver agent coupled to communicate with the network interface, the driver agent to 
associate a security association with a traffic stream, associate a metric value with the security 
association, modify the metric value of the security association based on how much network 
traffic is received for the traffic stream, and dynamically map the traffic stream to one of 
multiple components that perform cryptography operations based on the metric value Q- 1 

wherein dynamically mapping traffic streams to one of multiple components comprises 
selecting between performing cryptography operations with a driver agent and performing 
cryptography operations with a network interface using cached cryptography information: and 
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wherein the dynamic mapping further comprises replacing a cached security associations 
with a non-cached security association when the metric value of the non-cached security 
association is greater than the metric value of the cached security association by at least a 
predetermined amount. 

14. (Canceled). 

15. (Canceled). 

21. An article of manufacture comprising a machine-accessible medium with instructions 
stored thereon An article comprising a machine-accessible medium to provide machine-readable 
instructions that, when executed, cause one or more electronic systems to: 

associate a security association with a traffic stream; 

associate a metric value with the security association; 

modify the metric value based on an amount of network traffic generated for the traffic 
stream; and 

dynamically map the traffic stream to one of multiple components that perform 
cryptography operations based on the metric value i 

wherein dynamically mapping traffic streams to one of multiple components comprises 
selecting between performing cryptography operations with a driver agent and performing 
cryptography operations with a network interface using cached cryptography information: and 

wherein the dynamic mapping further comprises replacing a cached security association 
with a non-cached security association when the metric value of the non-cached security 
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association is greater than the metric value of the cached security association bv at least a 
predetermined amount. 

24. (Canceled), 

25. (Canceled). 

41. A method comprising: 

associating a security association with a traffic stream; 
associating a metric value with a security association; 

initializing the metric value to a predetermined value when the security association is 
received by a driver agent, the metric value to be modified based at least in part on traffic 
generated for the associated traffic stream; 

determining whether the security association necessary for performing cryptography 
operations on a packet of the traffic stream is cached-(4- 1 

determining whether the security association should be cached based on the metric value; 

and 

wherein determining whether the security association should be cached further 
comprises: 

increasing the value of the metric value bv a predetermined amount when the 
associated security association is added to a cache: 

incrementing the value of the metric value when a packet for the associated traffic 
stream is received: and 
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determining whether the metric value is greater than the lowest metric value of 
cached security associations by at least a predetermined amount. 

43. (Canceled). 

Allowable Subject Matter 
3. The following is an examiner's statement of reasons for allowance: 
Claims 1-30, 41, 43, and 44 are allowed. 

Claims 1,11, and 21 : Prior art of record neither alone nor in combination teach a 
method/apparatus/medium of associating a metric value with the security association, associating 
a security association with a traffic stream, and dynamically mapping traffic streams to one of 
multiple components comprises selecting between performing cryptography operations with a 
driver agent and performing cryptography operations with a network interface using cached 
cryptography information and by replacing a cached security association with a non-cached 
security association when the metric value of the non-cached security association differs from 
the metric value of the cached security association by at least a predetermined amount and the 
metric value is modified based on an amount of network traffic generated for the traffic stream. 

Claim 41 : Prior art of record neither alone nor in combination teach a method of associating a 
metric value with a security association, associating security association with a traffic stream, 
and when the security association is received by a driver agent, initializing the metric value to a 
predetermined and modifying the metric value based at least in part on traffic generated for the 
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associated traffic stream, and determining whether the security association necessary for 
performing cryptography operations on a packet of the traffic stream is cached by increasing the 
value of the metric value by a predetermined amount when the associated security association is 
added to a cached, by incrementing the value of the metric value when a packet for the 
associated traffic stream is received, and by determining whether the metric value is greater than 
the lowest metric value of cached security associations by at least a predetermined amount. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to applicant's . 
disclosure. 6,665,306 Bl : network controller indicator indicating whether the received data 

should be destined to an external network processor or internal 
computer memory. 

6,477,646 Bl: cryptograph accelerator IPSec processing chip allowing significant 
performance improvement. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
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The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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